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REMARKS 

Claims 1-25 are pending. Claims 1-25 have been rejected. 
Claims 1-4, 8 and 17 have been amended to further particularly point out and distinctly 
claim subject matter regarded as the invention. 

The amendments here presented are made for the purposes of better defining the 
invention, rather than to overcome the rejections for patentability. Support for the 
amendments herein presented can be found in the specification and claims as filed. No 
new matter has been introduced as a result of the amendments. Reconsideration and 
allowance is respectfully requested in view of the amendments and the following 
remarks. 

The 35 U.S.C. § 112 Rejection 

Claims 1-7 stand rejected under 35 U.S.C. § 112, second paragraph, as allegedly 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
applicant regards as the invention. This objection is respectfully traversed. 

The Office Action asserts that Claim 1 recites the limitation of "said switching 
process component" in page 25, line 13. The Office Action asserts that there is 
insufficient antecedent basis for this limitation in the claim. The Office Action asserts 
that for Claims 2-7 depend from rejected claim 1 rendering those dependent claims 
indefinite. 

Claims 1, 8 and 17 have been amended to more particularly claim the subject 
matter. Specifically, the term "switching process component" has been uniformly used in 
the claims. 

With this amendment, it is respectfully submitted the claims satisfy the statutory 
requirements. 
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The 35 U.S.C. $ 102 Rejection 

Claims 1-3, 8, 13, 15-17, 24 and 25 stand rejected under 35 U.S.C. § 102(e) as 
being allegedly unpatentable over Coss et al. (U.S. Patent No. 6,170,0125). This 
rejection is respectfully traversed. 

In the Office Action at paper number 2, paragraph 6, the Office Action asserts as 
to claims 1, 2, 8, 13, and 17, that Coss discloses a "domain support engine," which 
operates as a session manager operating within the firewall, and containing header and 
payload information (see figure 4), tracking session context, operating within the 
switching process (see column 5, line 35 to column 6, line 15). The DSE can create mini- 
sessions for additional, related transfers (see column 7, lines 24-33). The Office Action 
asserts for claims 3, 15, and 24, that rules are implemented to delete sessions and mini- 
sessions authorized by them after a timeout (see column 4, line 35 to column 5, line 33). 
The Office Action asserts for claims 16 and 25, that the invention disclosed by Coss can 
change rules dynamically (see column 8, lines 23-55). Applicants respectfully disagree 
with the assertions in the Office Action. 

To anticipate a claim under 35 U.S.C. § 102, a single source must contain all of 
the elements of the claim. Lewmar Marine Inc. v. Barient, Inc., 827 F.2d 744, 747, 3 
U.S.P.Q.2d 1766, 1768 (Fed. Cir. 1987), cert, denied, 484 U.S. 1007 (1988). Moreover, 
the single source must disclose all of the claimed elements "arranged as in the claim." 
Structural Rubber Prods. Co. v. Park Rubber Co., 749 F.2d 707, 716, 223 U.S.P.Q. 1264, 
1271 (Fed. Cir. 1984). 

The Coss et al. reference discloses computer network firewalls that include one or 
more features for increased processing efficiency. The Coss et al. reference discloses a 
computer network firewall configured to utilize stateful packet filtering by storing in a 
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cache the results of rule processing as applied to one or more packets. The Coss et al. 
reference discloses stateful packet filtering being implemented by caching rule processing 
results for received packets and then utilizing the cached results to bypass rule processing 
for subsequent similar packets. The Coss et al. reference discloses at Figure 4 a hash 
table illustrating that the cache can include a session key, hardware address information, 
interface information, an alarm code, statistical information, and an applicable action. 
The Coss et al. reference at Figure 4 is silent with respect to payload information. The 
Coss et al. reference discloses a decision module called a domain support engine (DSE). 
The Coss et al. reference discloses that the (DSE) determines which security policy to use 
for a new network session. The Coss et al. reference discloses that each new session 
must be approved by the security policies of the source domain and the destination 
domain. The Coss et al. reference discloses that the DSE makes the domain selection 
based on the incoming or outgoing network interface, as well as on the source or 
destination network address of each packet. The Coss et al. merely discloses that for 
protocols of the type which require a separate additional network session, from the 
outside back to the user, such as for example, the protocol employed by ReaLAudio, a 
rule can include a condition or mask that allows a connection back to a user, but only if 
there is a proper forward connection concurrently active, i.e., a connection in which the 
source and destination addresses are interchanged. The Coss et al. reference is silent with 
respect to a mini-session comprises instantiated software modules residing in the same 
address space as the switching process component. (See Coss et al. at Abstract, column 5, 
lines 35-66, column 6, lines 1-15, column 7, lines 24-33). 

The Coss et al. reference fails to disclose each and every claimed element. 
Specifically, the Coss et al. reference does not disclose "a firewall device having a 
plurality of communication interfaces, a packet filtering component coupled to each of 
the interfaces, a switching process component coupled to each of the interfaces, and a 
firewall services component coupled to the switching process component, a method for 
optimizing firewall processing comprising; providing a session manager in the firewall 
services component; providing a firewall module in the switching process component; 
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instantiating a session, by said session manager, for data transfers within the firewall 
device, said sessions having header and payload information related to data transfers 
within the firewall device; and instantiating a mini-session, by said session manager, 
corresponding to said instantiated session, said mini-session having header information 
related to data transfers within the firewall device, wherein said mini-session comprises 
instantiated software modules residing in the same address space as said switching 
process component, as claimed in claim 1. The Coss et al. reference does not disclose "a 
firewall device having a plurality of communication interfaces, a packet filtering 
component coupled to each of the interfaces, a switching process component coupled to 
each of the interfaces, and a firewall services component coupled to the switching process 
component, a method for optimizing firewall processing comprising; providing a session 
manager in the firewall services component; providing a firewall module in the switching 
process component; instantiating a session, by said session manager, for data transfers 
within the firewall device, said sessions having header and payload information related to 
data transfers within the firewall device; and instantiating a mini-session, by said session 
manager, corresponding to said instantiated session, said mini-session having header 
information related to data transfers within the firewall device, wherein said mini-session 
comprises instantiated software modules residing in the same address space as said 
switching process component, as claimed in claim 8. The Coss et al. reference fails to 
disclose "a program storage device readable by a machine, tangibly embodying a 
program of instructions executable by the machine to perform a method for optimizing 
firewall processing in a firewall device having a plurality of communication interfaces, a 
packet filtering component coupled to each of the interfaces, a switching process 
component coupled to each of the interfaces, and a firewall services component coupled 
to the switching process component, said method comprising; providing a session 
manager in the firewall services component; providing a firewall module in the switching 
component; instantiating a session, by said session manager, for data transfers within the 
firewall device, said sessions having header and payload information related to data 
transfers within the firewall device; and instantiating a mini-session, by said session 
manager, corresponding to said instantiated session, said mini-session having header 
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information related to data transfers within the firewall device, wherein said mini-session 
comprises instantiated software modules residing in the same address space as said 
switching process component, as claimed in claim 17. 

The Coss et al. reference discloses at Figure 4 a hash table illustrating that the 
cache can include a session key, hardware address information, interface information, an 
alarm code, statistical information, and an applicable action. The Coss et al. reference at 
Figure 4 is silent with respect to payload information. The Coss et al. reference does not 
disclose mini-sessions as claimed. The Coss et al. merely discloses that for protocols of 
the type which require a separate additional network session, from the outside back to the 
user, such as for example, the protocol employed by ReaLAudio, a rule can include a 
condition or mask that allows a connection back to a user, but only if there is a proper 
forward connection concurrently active, i.e., a connection in which the source and 
destination addresses are interchanged. The Coss et al. reference is silent with respect to 
a mini-session comprising instantiated software modules residing in the same address 
space as the switching process component. 

Since the prior art reference fails to disclose each and every claimed element, then 
the prior art reference fails to anticipate the claimed invention. In view of the foregoing, 
it is respectfully requested that the rejection be withdrawn and it is respectfully asserted 
that the claims are now in condition for allowance. 

The 35 U.S.C. § 103 Rejection 

Claims 4-7, 9-12, 18-22 stand rejected under 35 U.S.C. § 103(a) as being allegedly 
unpatentable over Coss et al. (U.S. Patent No. 6,170,0125) as applied to claims 1, 8, 
further in view of Blake et al., RFC 2475, "An Architecture for Differentiated Services," 
1998. This rejection is respectfully traversed. 
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In the Office Action at paper number 5, paragraph 7, the Office Action asserts that 
the system disclosed by Coss supports a rule for a "tunnel option" (see column 6, lines 
63-67), but does not teach the use of the tunnel option to bypass rules application 
downstream. The "Rules List" disclosed by Coss is an ACL, and one skilled in the art 
implements the bypassing of rules by using a single rule to "pass everything." 

The Office Action asserts that Blake teaches the use of the DS (Differentiated 
Services) field for conditioning traffic for streamlined downstream treatment (see pages 
12 and 13), and further teaches the use of tunneling in order to deploy DS fields (see 
pages 28 and 29). The Office Action asserts that therefore, it would be obvious to one of 
ordinary skill in the art at the time the invention was made to modify the invention 
disclosed by Coss by supporting DS fields in conjunction with the tunnel option, in order 
to condition traffic for downstream treatment. 



Claims 14 and 23 stand rejected under 35 U.S.C. § 103(a) as being allegedly 
unpatentable over Coss et al. (U.S. Patent No. 6,170,0125). This rejection is respectfully 
traversed. 



In the Office Action at paper number 5, paragraph 8, the Office Action asserts that 
Coss discloses several conditions under which sessions may be deleted, but does not 
explicitly state that sessions are to be deleted upon completion. The Office Action asserts 
that Official notice is given that the method of deleting completed processes upon 
completion in order to free memory and conserve CPU time is well-known in the art. 
The Office Action asserts that therefore, it would be obvious to one of ordinary skill in 
the art at the time the invention was made to modify the invention disclosed by Coss 
deleting sessions and their associated mini-sessions upon completion in order to free 
memory and conserve CPU time. Applicants respectfully disagree with the assertions in 
the Office Action. 
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For an obviousness rejection to be proper, the Examiner must meet the burden of 
establishing that all elements of the invention are disclosed in the prior art; that the prior 
art relied upon, coupled with knowledge generally available in the art at the time of the 
invention, must contain some suggestion or incentive that would have motivated the 
skilled artisan to modify a reference or combined references; and that the proposed 
modification of the prior art must have had a reasonable expectation of success, 
determined from the vantage point of the skilled artisan at the time the invention was 
made. In re Fine, 5 U.S.P.Q.2d 1596, 1598 (Fed. Cir. 1988); In Re Wilson, 165 U.S.P.Q. 
494, 496 (C.C.P.A. 1970); Amgen v. Chugai Pharmaceuticals Co., 927 U.S.P.Q.2d, 1016, 
1023 (Fed. Cir. 1996). 

To establish prima facie obviousness of a claimed invention, all the claim 
limitations must be taught or suggested by the prior art. In re Royka, 180 USPQ 580 
(CCPA 1974). All words in a claim must be considered in judging the patentability of 
that claim against the prior art. In re Wilson, 165 USPQ 494, 496 (CCPA 1970). 

As stated above the Coss et al. reference fails to teach or suggest each and every 
claimed element in at least independent claims 1,8, and 17. The combination of the 
Blake et al. reference does not remedy the deficiency of the Coss et al. reference. 
Therefore the combination of the Coss et al. reference and the Blake et al. reference fails 
to teach or suggest each and every claimed element. 

Since each and every claimed element is not taught or suggested by the 
combination of references, there is no prima facie case of obviousness. 

Since the Office Action has been traversed and the rejection fails to make out a 
prima facie case of obviousness, Applicant respectfully requests that the Examiner 
provide specific citation and an Affidavit in support of the assertions in the Office Action 
that each and every claimed element is rendered obvious. 
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Dependent Claims 

The argument and evidence set forth above is equally applicable here. Since the 
independent Claims 1, 8, and 17, are allowable, then the dependent Claims 2-7, 9-16, and 
18-25 must also be allowable. If an independent claim is nonobvious under 35 U.S.C. § 
103, then any claim depending therefrom is nonobvious. In re Fine, 837 F.2d 1071, 5 
U.S.P.Q. 2d 1596 (Fed. Cir. 1988). 

In view of the foregoing, it is respectfully requested that the rejection be 
withdrawn and it is respectfully asserted that the claims are now in condition for 
allowance. 

Judicially-created Double Patenting 

Claims 1-25 have been rejected pursuant to the judicially-created doctrine of 
obviousness-type double patenting as being unpatentable over claims 7, 24 and 25 of 
prior United States Patent No. 6,219,706 to Fan et al. Submitted herewith is a Terminal 
Disclaimer executed by an attorney of record. Withdrawal of this rejection is respectfully 
requested. 

Prior art made of record 

The Office Action cited prior art of record but did not rely upon the prior art. 
Applicants have considered the prior art made of record and assert that the claimed 
invention is patentably distinct over prior art made of record. 

Request for Allowance 

It is believed that this Amendment places the above-identified patent application 
into condition for allowance. Early favorable consideration of this Amendment is 
earnestly solicited. 
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If, in the opinion of the Examiner, an interview would expedite the prosecution of 
this application, the Examiner is invited to call the undersigned attorney at the number 
indicated below. 

Respectfully submitted, 
SIERRA PATENT GROUP, LTD. 

Dated: March 23, 2004 



Sierra Patent Group, Ltd. 
P.O. Box 6149 
Stateline, NV 89449 
(775) 586-9500 




lrew 
Reg. No.: 46,441 
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